Making sense of privacy

By March 15, 2010 No Comments

Debates about privacy are often polarised between those of the Scott McNeally “you have no privacy, get over it” school of thought and those who feel deeply uncomfortable with this notion. 

I have been in the former camp because it seems to me that people are increasingly sharing private information and getting benefit from doing so, and that (appropriately annonymised) the data has commercial value whose (appropriately sensitve) exploitation can bring value to everyone.  The way advertisers can now narrowly target on Facebook is a good example – it is good for Facebook and by extension its users and it is good for the advertisers who can now reach their customers more cost effectively.

The counter argument is usually a sense of deep unease about how the data might get used and the point that once the genie is out of the bottle you can’t get it back in and bad things might happen.

danah boyd’s speech to SXSW on Saturday helped me understand this counter argument much better.

For those that don’t know danah does a lot of primary research talking to people about how they use social media so when she says “Privacy Is Not Dead. People of all ages care deeply about privacy” I take notice.  Particularly when it is sandwiched between an admonishment of privileged straight white male technology execs who think differently (that’s me) and an assertion that privacy may have a different meaning to my current understanding.

According to danah, privacy is about having control over information flows and understanding the social setting in order to behave appropriately and avoid embarrassment.  When either of these things are challenged they scream privacy foul.  Reading between the lines of danah’s talk slightly it seems to me that the first thought is about avoiding embarrassment and the desire for control might stem from a desire to be able to fix things later should a difficult situation emerge.

The key to your consumers feeling good about your privacy policy is therefore trust – trust that they understand how your site works from a social perspective and that you won’t change the rules on them in ways that might create problems.

Three quick illustrations of privacy FAILs illustrate the points, the first two from danah’s talk and a third from the UK market:

  • Google Buzz – Google introduced a service into gmail that took data from a private system (email) and by default made it public thereby changing the rules and creating potentially embarrassing situations
  • Facebook Newsfeeds – we have gotten over this now, but when Facebook first started putting status updates into Newsfeeds it created an uproar – because they had changed the rules of the site to make updates much more public which shifted the context and changed the social game (my point isn’t that this was a bad move – we have gotten to like Feeds now)
  • Phorm – this UK company planned to sell a software service to ISPs that would allow them to target ads based on surfing history, people were outraged at the lack of control this implied and the business struggled to make progress

The web and in particular the social media sites within it are of course evolving extremely rapidly which I think explains why privacy is such a hot topic.  If feeling good about privacy requires an understanding of the social setting it is easy to see why people are nervous.

The final point I want to bring out from danah’s talk is the notion that privacy isn’t binary.  Offline there are a myriad of privacy status’s between nobody knows and published in a newspaper and online services need to recognise the complexity of how people think about information sharing.  The Facebook newsfeed example makes this point nicely – they made information that was already publicly available more visible and people were upset, in the way they might be if information from a handwritten note that was passed round the class was copied onto the blackboard.

From the perspective of a startup if privacy might be an issue for your users this analysis tells suggests to me you need a clear set of principles about how and why information will be shared and to inspire trust by having integrity as a core value and not springing surprises on people.  Be aware also that as your site grows the rules of information sharing are likely to change and creating a shift in the privacy ‘environment’ that will need managing.

Reblog this post [with Zemanta]